MGASA-2012-0145
Date: July 9th, 2012
Affected releases: 1
Description:
Updated openssh packages fix a security vulnerability:
The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and
earlier, when gssapi-with-mic authentication is enabled, allows remote
authenticated users to cause a denial of service (memory consumption)
via a large value in a certain length field (CVE-2011-5000).
Note: only systems on which GSSAPI authentication has been enabled are
vulnerable to this flaw, as it is disabled by default in Mageia.
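Because exposure depends on GSSAPI authentication being enabled, the following added example (not part of the advisory or of OpenSSH) reads an sshd_config and reports the global GSSAPIAuthentication value and whether any Match block turns it on. The function names and the sample config are constructed for illustration, and an unset option is assumed to mean disabled, as the note above states for Mageia.

```shell
#!/bin/sh
# Added example: report whether GSSAPIAuthentication is enabled in an
# sshd_config. Function names and the sample config are constructed.

# Reads the file given as $1, or stdin when no argument is given.
# Prints "global=<value> match=<yes|no>".
gssapi_state() {
    awk '
    BEGIN { global = ""; in_match = 0; match_yes = "no" }
    {
        sub(/^[ \t]+/, "")                      # drop leading indentation
        if ($0 == "" || $0 ~ /^#/) next         # blank line or comment
        split($0, f, /[ \t=]+/)                 # "Key value" or "Key=value"
        key = tolower(f[1]); val = tolower(f[2])
        gsub(/"/, "", val)                      # values may be quoted
        if (key == "match") { in_match = 1; next }
        if (key != "gssapiauthentication") next
        if (in_match) { if (val == "yes") match_yes = "yes" }
        else if (global == "") global = val     # first global value wins
    }
    END {
        if (global == "") global = "no"         # assumed default: disabled
        print "global=" global " match=" match_yes
    }' "${1:--}"
}

sample_config() {
    cat <<'EOF'
# constructed sample, not taken from a real host
Port 22
GSSAPIAuthentication no
UsePAM yes
Match Address 192.0.2.0/24
    GSSAPIAuthentication yes
EOF
}

sample_config | gssapi_state    # global=no match=yes
```

On a real host, run `gssapi_state /etc/ssh/sshd_config`; a result of `yes` in either field means the updated packages listed below should be treated as a priority.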
Updated Packages:
openssh-5.8p1-2.1.mga1
openssh-askpass-5.8p1-2.1.mga1
openssh-askpass-common-5.8p1-2.1.mga1
openssh-askpass-gnome-5.8p1-2.1.mga1
openssh-clients-5.8p1-2.1.mga1
openssh-server-5.8p1-2.1.mga1
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5000
https://rhn.redhat.com/errata/RHSA-2012-0884.html
https://bugs.mageia.org/show_bug.cgi?id=6524